Appl. No. 09/998,916 PATENT 

Amdt. dated: January 6, 2006 

Reply to Final Office Action of September 8, 2005 and 

Advisory Action of December 9, 2005 

Amendments to the Claims: 

Please cancel claims 19-21, 41, and 46 without prejudice or disclaimer. This 
listing of claims will replace all prior versions, and listings, of claims in the application: 

Listing of Claims: 

1 . (Currently Amended) A method for allowing proxies in an integrated 
Identity System and Access System , comprising the steps of: 

receivin g from a user of the integrated Identity System and Access System a 
request for a first e ntity the user to be a proxy for a second e ntit y an administrator of the 
integrated Identity System and Access System ; 

associating said first e ntity user with one or more credentials of said second e ntity 
administrator without authenticating said first entity user as said second e ntity administrator ; and 

allowing said first e ntity user to use said Identity System as said s e cond e ntity 
administrator based on said one or more credentials of said s e cond e ntity administrator |T."|~| ; and 

allowing said user to use said Access System to access resources based on one or 
more credentials of said user but not the one or more credentials of said administrator. 

2. (Currently Amended) A method according to claim 1, wherein said step 
of receiving a request includes the steps of: 

providing a notification to said first entity user of an ability to be said proxy for 
said second e ntity administrator ; and 

receiving a request from said first e ntity user to be said proxy for said s e cond 
entity- administrator . 

3. (Original) A method according to claim 2, wherein: 
said notification includes an email. 
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4. (Original) A method according to claim 2, wherein: 
said notification includes a display page for said Identity System. 

5. (Currently Amended) A method according to claim 1, wherein said step 
of receiving a request includes the step of: 

receiving an indication from said s e cond e ntity administrator that said first e ntity 
user can be said proxy for a second entity said administrator . 

6. (Currently Amended) A method according to claim 1, wherein said step 
of receiving a request includes the steps of: 

providing a list of potential proxy candidates; 

providing a search mechanism to add more candidates to said list of potential 
proxy candidates; and 

receiving a selection of one or more of said potential proxy candidates, including 
a selection of said fist entity user . 

7. (Currently Amended) A method according to claim 1, wherein: 

said credentials of said administrator include a distinguished name for said second 
entity -administrator . 



said credentials of said administrator include identity profile attributes for said 
s e cond e ntity administrator . 



said step of associating includes storing an identification of said second e ntity 
administrator in a data element used to identify said first e ntity user . 



8. 



(Currently Amended) A method according to claim 1, wherein: 



9. 



(Currently Amended) A method according to claim 1 , wherein: 



10. (Currently Amended) A method according to claim 1, wherein: 
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said step of associating includes storing an identification of said s e cond e ntity 
administrator in a cookie for said first entity user , 

1 1 . (Currently Amended) A method according to claim 1 , wherein: 
said step of associating includes using an identification of said s e cond e ntity 

administrator to identify said first e ntity user . 

12. (Currently Amended) A method according to claim 1, wherein said step 
of associating includes the steps of: 

accessing an Identity System cookie for said first e ntity user , said Identity System 
cookie stores an identification of said first e ntity user ; 

storing said identification of said first e ntity user from said step of accessing in a 
second cookie; and 

storing an identification of said second e ntity administrator in said Identity 
System cookie for said first e ntity user . 

13. (Currently Amended) A method according to claim 12, further 
comprising the steps of: 

receiving a request to terminate said first e ntity user being a proxy for said s e cond 

entity- administrator ; 

accessing said identification of said first e ntity user in said second cookie; and 
storing said identification of said first e ntity user in said Identity System cookie 

for said first e ntity user . 

14. (Currently Amended) A method according to claim 12, further 
comprising the steps of: 

receiving a request from said first entity user to access said Identity System; 
determining whether said Identity System cookie for said first e ntity user exists; 
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providing access to said Identity System for said first entity user if said Identity 
System cookie for said first e ntity user exists; and 

authenticating said first e ntity user and creating said Identity System cookie if 
said Identity System cookie for said first entity user does not exist prior to said step of 
determining, said step of creating includes adding said identification of said first e ntity user to 
said Identity System cookie. 

15. (Currently Amended) A method according to claim 12, wherein said step 
of allowing includes the steps of: 

receiving a request from said first e ntity user to access a service in said Identity 

System; 

accessing said identification of said second e ntity administrator in said Identity 
System cookie; 

accessing attributes for said s e cond e ntity administrator based on said 
identification of said s e cond e ntity administrator in said Identity System cookie; and 

providing access to said service in said Identity System based on said attributes 
for said s e cond e ntity administrator . 

16. (Currently Amended) A method according to claim 1, wherein: 
said steps of receiving, associating and allowing are performed without said first e ntity user 
providing a password for said s e cond e ntity administrator . 

1 7. (Currently Amended) A method according to claim 1 ; wherein: 

said step of associating verifies that said second e ntity administrator is a delegated 
administrator having a right to be proxied. 

1 8. (Currently Amended) A method according to claim 1 , further comprising 

the step of: 
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delegating a right to be proxied to said second e ntity administrator , said step of 
associating verifies that said s e cond e ntity administrator has said right to be proxied. 

19. (Canceled) 

20. (Canceled) 

21. (Canceled) 

22. (Currently Amended) A method according to Claim 1 , wherein: 

said Id e ntity Syst e m is part of an int e grat e d Id e ntity Syst e m and Acc e ss Syst e m; 

unu 

said steps of associating and allowing provide for said first e ntity user to be said 
proxy for said s e cond e ntity administrator in said Identity System but does not provide for said 
first e ntity user to be said proxy for said s e cond e ntity administrator in said Access System. 

23. (Currently Amended) A method according to claim 1, wherein: 

said Id e ntity Syst e m is part of an int e grat e d Id e ntity Syst e m and Acc e ss Syst e m; 

said step of associating includes the steps of: 

accessing an Identity System cookie for said first e ntity user , said Identity 
System cookie stores an identification of said first e ntity user , and 

storing an identification of said s e cond e ntity administrator in said an 
Identity System cookie for said first e ntity user ; 

said Access System uses an Access System cookie for said first e ntity user , said 
Identity System cookie is separate from said Access System cookie; and 

said Access System cookie for said first e ntity user does not store an indication of 
said s e cond e ntity administrator . 
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24. (Currently Amended) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method 
comprising the steps of: 

receivin g from a user of an integrated Identity System and Access System a 
request for a first e ntity the user to be a proxy for a s e cond e ntit y an administrator of the 
integrated Identity System and Access System ; 

associating said first e ntity user with one or more credentials of said s e cond e ntity 
administrator without authenticating said first e ntity user as said s e cond e ntity administrator ; and 

allowing said first e ntity user to use said Identity System as said s e cond e ntity 
administrator based on said one or more credentials of said s e cond entity administrator ("[.]] ; and 

allowing said user to use said Access System to access resources based on one or 
more credentials of said user but not the one or more credentials of said administrator. 

25. (Currently Amended) One or more processor readable storage devices 
according to claim 24, wherein: 

said credentials of said administrator include identity profile attributes for said 
s e cond e ntity administrator . 

26. (Currently Amended) One or more processor readable storage devices 
according to claim 24, wherein: 

said step of associating includes storing an identification of said second e ntity 
administrator in a data element used to identify said first e ntity user . 

27. (Currently Amended) One or more processor readable storage devices 
according to claim 24, wherein: 

said step of associating includes the steps of: 

accessing an Identity System cookie for said first e ntity user , said Identity 
System cookie stores an identification of said first e ntity user , 
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storing said identification of said first e ntity user from said step of 
accessing in a second cookie, and 

storing an identification of said second e ntity administrator in said Identity- 
System cookie for said first e ntity user ; and 

said method further comprises the steps of: 

receiving a request to terminate said first e ntity user being a proxy for said 
s e cond e ntity administrator , 

accessing said identification of said first e ntity user in said second cookie, 

and 

storing said identification of said first e ntity user in said Identity System 
cookie for said first e ntity user . 

28. (Currently Amended) One or more processor readable storage devices 
according to claim 27, wherein said step of allowing includes the steps of: 

receiving a request from said first e ntity user to access a service in said Identity 

System; 

accessing said identification of said s e cond e ntity administrator in said Identity 
System cookie; 

accessing attributes for said socond e ntity administrator based on said 
identification of said s e cond e ntity administrator in said Identity System cookie; and 

providing access to said service in said Identity System based on said attributes 
for said second e ntity administrator . 

29. (Currently Amended) One or more processor readable storage devices 
according to claim 24, wherein: 

said steps of receiving, associating and allowing are performed without said first 
e ntity user providing a password for said s e cond e ntity administrator . 
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30. (Currently Amended) One or more processor readable storage devices 
according to claim 24, wherein: 

said Id e ntity Syst e m is part of an int e grat e d Id e ntity System and Acc e ss Syst e m; 

111 Ivj 

said steps of associating and allowing provide for said first e ntity user to be said 
proxy for said s e cond e ntity administrator in said Identity System but does not provide for said 
first e ntity user to be said proxy for said second entity administrator in said Access System. 

3 1 . (Currently Amended) One or more processor readable storage devices 
according to claim 24, wherein: 

said Id e ntity System is part of an int e grat e d Id e ntity System and Access Syst e m; 

said step of associating includes the steps of: 

accessing an Identity System cookie for said first e ntity user , said Identity 
System cookie stores an identification of said first e ntity user , and 

storing an identification of said s e cond e ntity administrator in said Identity 
System cookie for said first e ntity user ; 

said Access System uses an Access System cookie for said first e ntity user , said 
Identity System cookie is separate from said Access System cookie; and 

said Access System cookie for said first e ntity user does not store an indication of 
said s e cond entity administrator . 

32. (Currently Amended) An apparatus that allows for proxi e s in an Id e ntity 
Syst e m, comprising: 

one or more communication interfaces; 
one or more storage devices; and 

one or more processors in communication with said one or more storage devices 
and said one or more communication interfaces, said proc e ssor processors adapted to provide an 
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integrated Identity System and Access System and to p e rforms perform a method comprising the 
steps of: 

receivin g from a user of the integrated Identity System and Access System 
a request for a first e ntity the user to be a proxy for a s e cond entit y an administrator of the 
integrated Identity System and Access System , 

associating said first e ntity user with one or more credentials of said 
s e cond e ntity administrator without authenticating said first e ntity user as said s e cond entity 
administrator , aad 

allowing said first e ntity user to use said Identity System as said s e cond 
entity- administrator based on said one or more credentials of said s e cond e ntity 
administrator [[.]] , and 

allowing said user to use said Access System to access resources based on 
one or more credentials of said user but not the one or more credentials of said administrator. 

33. (Currently Amended) An apparatus according to claim 32, wherein: 
said credentials of said administrator include identity profile attributes for said 

s e cond e ntity administrator . 

34. (Currently Amended) An apparatus according to claim 32, wherein: 
said step of associating includes storing an identification of said s e cond e ntity 

administrator in a data element used to identify said first e ntity user . 

35. (Currently Amended) An apparatus according to claim 32, wherein: 
said step of associating includes the steps of: 

accessing an Identity System cookie for said first e ntity user , said Identity 
System cookie stores an identification of said first e ntity user; 

storing said identification of said first e ntity user from said step of 
accessing in a second cookie, and 
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storing an identification of said second e ntity administrator in said Identity 
System cookie for said first e ntity user ; and 

said method further comprises the steps of: 

receiving a request to terminate said first e ntity user being a proxy for said 
s e cond e ntity administrator ; 

accessing said identification of said first e ntity user in said second cookie, 

and 

storing said identification of said first e ntity user in said Identity System 
cookie for said first e ntity user . 

36. (Currently Amended) An apparatus according to claim 35, wherein said 
step of allowing includes the step of: 

receiving a request from said first e ntity user to access a service in said Identity 

System; 

accessing said identification of said second e ntity administrator in said Identity 
System cookie; 

accessing attributes for said s e cond entity administrator based on said 
identification of said s e cond entity administrator in said Identity System cookie; and 

providing access to said service in said Identity System based on said attributes 
for said s e cond e ntity administrator . 

37. (Currently Amended) An apparatus according to claim 32, wherein: 
said steps of receiving, associating and allowing are performed without said first 

e ntity user providing a password for said s e cond e ntity administrator . 

38. (Currently Amended) An apparatus according to claim 32, wherein: 
said Id e ntity Syst e m is part of an integrat e d Identity System and Acc e ss Syst e m; 

UIIvI 
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said steps of associating and allowing provide for said first e ntity user to be said 
proxy for said s e cond e ntity administrator in said Identity System but does not provide for said 
first e ntity user to be said proxy for said s e cond e ntity administrator in said Access System. 

39. (Currently Amended) An apparatus according to claim 32, wherein: 
said Id e ntity Syst e m is part of an int e grat e d Id e ntity Syst e m and Acc e ss Syst e m; 
said step of associating includes the steps of: 

accessing an Identity System cookie for said first, e ntity user , said Identity 
System cookie stores an identification of said first e ntity user, and 

storing an identification of said s e cond e ntity administrator in said Identity 
System cookie for said first e ntity user : 

said Access System uses an Access System cookie for said first e ntity user , said 
Identity System cookie is separate from said Access System cookie; and 

said Access System cookie for said first e ntity user does not store an indication of 
said s e cond e ntity administrator . 

40. (Currently Amended) A method for allowing proxies in a syst e m an 
integrated Identity System and Access System , comprising the steps of: 

receivin g from an administrator of the integrated Identity System and Access 
System an indication that a first e ntity user of the integrated Identity System and Access System 
can be a proxy for a s e cond e ntity the administrator , said indication is from said s e cond e ntity ; 

receiving an indication from said first e ntity user to become said proxy for said 
s e cond e ntity administrator ; 

associating said first e ntity with on e or mor e cr e d e ntials of said s e cond e ntity 
without auth e nticating said first e ntity as said s e cond e ntity; and 

accessing an Identity System cookie for said user, wherein said Identity System 
cookie stores an identification of said user; 
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storing an identification of said administrator in said Identity System cookie for 

said user; 

allowing said first e ntity user to use said syst e m Identity System as said second 
e ntity administrator based on said on e or mor e cr e d e ntials of said s e cond e ntit y identification of 
said administrator in said Identity System cookie for said usgr [[.]] ; and 

allowing said user to use said Access System to access resources based on an 
Access System cookie for the user, wherein the Access System cookie is separate from said 
Identification System cookie and the Access System cookie does not store an identification of 
said administrator. 

41. (Canceled) 

42. (Currently Amended) A method according to claim 40, wherein: 
said step of associating accessing includes the steps of: 

acc e ssing a first cooki e for said first e ntity, said first cooki e stor e s an 
id e ntification of said first e ntity, 

storing said identification of said first e ntity user in a second cookie, and 

storing an id e ntification of said s e cond e ntity in said first cooki e for said 

first e ntity; and 

said method further comprises the steps of: 

receiving a request to terminate said first e ntity user being a proxy for said 
s e cond e ntity administrator , 

accessing said identification of said first e ntity user in said second cookie, 

and 

storing said identification of said first e ntity user in said fist Identification 
System cookie for said first e ntity user . 

43. (Currently Amended) A method according to claim 42, wherein said step 
of allowing said user to use said Identity System as said administrator includes the steps of: 
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receiving a request from said first e ntity user to access a service; 

accessing said identification of said second entity administrator in said first 
Identification System cookie; 

accessing attributes for said s e cond e ntity administrator based on said 
identification of said s e cond e ntity administrator in said first Identification System cookie; and 

providing access to said service based on said attributes for said s e cond e ntity 

administrator . 

44. (Currently Amended) A method according to claim 40, wherein: 

said steps of receiving, associating and allowing are performed without said first 
e ntity user providing a password for said s e cond e ntity administrator . 

45. (Currently Amended) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method 
comprising the steps of: 

receivin g from an administrator of an integrated Identity System and Access 
System an indication that a first e ntity user of the integrated Identity System and Access System 
can be a proxy for a s e cond entity the administrato r , said indication is from said s e cond e ntity ; 

receiving an indication from said first e ntity user to become said proxy for said 
s e cond e ntity administrator ; 

associating said first e ntity with on e or mor e cr e d e ntials of said s e cond e ntity 
without auth e nticating said first e ntity as said s e cond entity; and 

accessing an Identity System cookie for said user, wherein said Identity System 
cookie stores an identification of said user; 

storing an identification of said administrator in said Identity System cookie for 

said user; 
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allowing said first entity user to use said syst e m Identity System as said s e cond 
e ntity administrator based on said on e or mor e cr e d e ntials of said second entit y identification of 
said administrator in said Identity System cookie for said user ff.]] ; and 

allowing said user to use said Access System to access resources based on an 
Access System cookie for the user, wherein the Access System cookie is separate from said 
Identification System cookie and the Access System cookie does not store an identification of 
said administrator. 

46. (Canceled) 

47. (Currently Amended) One or more processor readable storage devices 
according to claim 45, wherein: 

said step of associating accessing includes the steps of: 

accessing a first cooki e for said first e ntity, said first cooki e stores an 
id e ntification of said first e ntity, 

storing said identification of said first e ntity user in a second cookie, and 

storing an id e ntification of said s e cond e ntity in said first cooki e for said 

first e ntity; and 

said method further comprises the steps of: 

receiving a request to terminate said first e ntity user being a proxy for said 
s e cond e ntity administrator , 

accessing said identification of said first e ntity user in said second cookie, 

and 

storing said identification of said first e ntity user in said fist Identification 
System cookie for said first e ntity user . 

48. (Currently Amended) One or more processor readable storage devices 
according to claim 47, wherein said step of allowin g said user to use said Identity System as said 
administrator includes the steps of: 
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receiving a request from said first e ntity user to access a service; 

accessing said identification of said s e cond e ntity administrator in said fifst 
Identification System cookie; 

accessing attributes for said s e cond e ntity administrator based on said 
identification of said s e cond e ntity administrator in said fkst Identification System cookie; and 

providing access to said service based on said attributes for said s e cond e ntity 

administrator . 

49. (Currently Amended) One or more processor readable storage devices 
according to claim 45, wherein: 

said steps of receiving, associating and allowing are performed without said fwst 
e ntity user providing a password for said s e cond e ntity administrator . 
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